Opportunity Description
Responsibilities
- Implement and manage DevSecOps practices across the entire Software Development Lifecycle (SDLC), ensuring a shift-left approach to security.
- Be comfortable with Kubernetes and other container orchestration platforms.
- Design and harden CI/CD pipelines (e.g., GitHub Actions) by implementing minimal permissions and leveraging OIDC with Workload Identity Federation for cloud deployments.
- Integrate and enforce security checks, including SAST, dependency scanning, and secret scanning (e.g., using tools like TruffleHog or GitGuardian), to fail builds on high-severity issues.
- Secure cloud infrastructure (GCP) by implementing the principle of least privilege for IAM, configuring VPC firewalls to restrict traffic, and using Google Secret Manager.
- Manage encryption and key rotation using Cloud KMS, ensuring all secrets are handled securely and not stored in code or plaintext.
- Oversee container and artifact ha...
Interested in this opportunity? Apply now through Expertini.